From an information security management point of view, complying with the required laws, regulations and contractual obligations can be as much of a challenge as dealing with the ever-evolving threat landscape and new forms of attacks. What many organizations fail to understand is that both are equally important. Mandatory requirements can come in the form Read more…
If there is one thing the last couple years have made clear, it is the lack of respect towards personal data privacy. From companies with inadequate security controls leading to improper management of sensitive information to businesses making a profit by selling clients’ information and even government agencies that like to play big brother. At Read more…
The adoption of a corporate-wide compliance program is one of the most demanding projects you may undertake. Furthermore making the most of time-consuming tasks such as controls implementation, requires not only the experience and knowledge but also a holistic approach at the design level. Every organization is different. Standards were created keeping in mind that Read more…
In our ever changing technological and corporate environment, it is only natural for standards and best practices to receive regular updates that try to both accommodate corrections and improvements. That is what just recently happened to the American Institute of Certified Public Accountants criteria for the Trust Services Principles (TSP) by releasing a SOC 2 Content Read more…
As old the saying goes no good deed goes unpunished, and some may feel that goes with the aftermath of a successful ISO 27001 certification project. With your organization now certified, you might feel you could breathe a sigh of relief and take a long well-deserved vacation. Your ongoing effort to maintain your ISMS during Read more…
Risk management is an essential discipline for any organization. It does not matter what your business does, where it is located, what technology is used or how many people you are managing: Each and every organization is exposed to risks. How well you understand and handle your risk context can have direct implications on your Read more…
Governance, Risk, and Compliance (GRC) is increasingly becoming a more integral part of most businesses, especially with mandates of risk analysis and information security integration within all aspects of business processes. Most organizations have regulatory, contractual or legal requirements obligations, and complying with these may seem like a daunting task to manage, and it can Read more…
Your organization has decided to go for ISO 27001 certification, and your development team is not exactly fond of the idea. As the project kick-off date is getting closer and closer, you have overheard watercooler conversations that there is talk of open resistance by veteran employees that would rather migrate to a new company than Read more…
Many organizations have chosen to focus their strategy towards compliance with data security best practices. The benefits are obvious: having adherence to regulatory requirements and while using it as a competitive edge, is a sound way to develop new contracts with customers that demand a higher level of the controls that could impact the integrity, Read more…
To say Excel is a poor choice for managing your assets, risks or an entire GRC program is an understatement. And it’s not just Excel, any form of a spreadsheet is the wrong tool that most of the times will cause you more trouble than it’s worth. Don’t get me wrong; I use Excel on Read more…
StandardFusion Fit Analyzer